
Sloppy but Dangerous: Fake Ransomware

Conventional ransomware encrypts the victims’ files and holds them hostage, unavailable to their owners, promising to provide a decryptor once the victims pay the ransom. In some cases being tracked by security firm Cyble, however, the attackers offer nothing in return. The files are in fact deleted.

One such group working with “fake ransomware” is trolling for victims on malicious adult websites (more malicious than the usual run). The phishbait that lures the victims to bite is a specially crafted website (with URLs like “nude-girlss [dot] mywire [dot] org,” “sexyphotos [dot] kozow [dot] com,” and “sexy-photo [dot] online”). The phish hook is an executable named “SexyPhotos [dot] JPG [dot] exe.” The unknown criminals behind the phishing campaign are, of course, hoping that the marks won’t read past “SexyPhotos,” or, failing that, certainly not past “JPG,” which their ardent eyes will inevitably tell their ardent brain translates to “no, really, saucy pix here.” And in any case the victims’ systems may hide file extensions by default, so the victims may not even see “[dot] exe” in the first place.
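The double-extension trick above (an image name with “.exe” tacked on, hidden by Explorer’s default setting) is easy to check for on the defender’s side. The following is an added example, not code from the article or from Cyble; it reproduces what a user sees when extensions are hidden, confirms whether a downloaded file is really a Windows PE by checking the MZ stub and the PE signature at e_lfanew, and flags image-then-executable names. It generalises slightly beyond the page by also treating document extensions (a constructed decoy set) as lures; the sample file headers are constructed inline.

```python
from __future__ import annotations
import struct
from pathlib import PurePath

# Extensions a lure might use as bait, and extensions Windows will actually run.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".docx", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}


def is_pe(head: bytes) -> bool:
    """True if the leading bytes are a Windows PE: 'MZ' DOS stub plus a
    'PE\\0\\0' signature at the offset stored in e_lfanew (0x3C)."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def displayed_name(name: str, hide_known_ext: bool = True) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on: only
    the last extension is dropped, so 'SexyPhotos.JPG.exe' reads 'SexyPhotos.JPG'."""
    p = PurePath(name)
    return p.stem if hide_known_ext and p.suffix else name


def masquerade_findings(name: str, head: bytes) -> list[str]:
    """Reasons a downloaded file looks like an executable posing as a harmless file.
    name is the filename as saved; head is the first bytes of its content."""
    findings: list[str] = []
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    # Decoy extension immediately followed by an executable one, e.g. .JPG.exe
    if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS and suffixes[-2] in DECOY_EXTS:
        findings.append(f"decoy-then-executable double extension {''.join(suffixes[-2:])}")
    # PE content behind a name that does not admit to being executable at all
    if is_pe(head) and (not suffixes or suffixes[-1] not in EXEC_EXTS):
        findings.append("content is a PE executable but the name does not say so")
    return findings


# Constructed sample headers: a minimal PE prefix and a JPEG (SOI + APP0) prefix.
PE_HEAD = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
JPEG_HEAD = b"\xff\xd8\xff\xe0" + b"\x00" * 60

if __name__ == "__main__":
    for fname, head in [("SexyPhotos.JPG.exe", PE_HEAD), ("holiday.png", PE_HEAD), ("holiday.jpg", JPEG_HEAD)]:
        print(f"{fname!r} shown as {displayed_name(fname)!r}: {masquerade_findings(fname, head)}")
```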

Cyble explained in their research report:

“Fake ransomware acts as a usual ransomware but does not encrypt the files. The Fake ransomware shows false information that the files are encrypted and threatens the user to pay ransom for decryption. There is a possibility that victims can pay ransom to recover the files as they are renamed and unusable. We are not sure about the authenticity of the decryptor if the ransom is paid. Even if the decryptor is provided, renaming files to their original file name is not possible as the malware is not storing them anywhere during the infection.”

The hoods are demanding $300 in Bitcoin, with the ransom doubling to $600 if the initial demand isn’t met in three days. The victims have seven more days to pay the $600, at which point, the extortionists say, they’ll permanently delete the files. In truth the files are already effectively gone, and it seems unlikely to researchers that the criminals actually have a decryptor. They’re sloppy. In this case, however, Cyble thinks the sloppiness might work to the victims’ advantage. BleepingComputer says, “A possible way to recover from this malware would be to restore your OS to a previous state since the fake ransomware doesn’t delete shadow copies. Of course, this could still result in data loss, depending on the date of the last restore point.”

One lesson to take away from this is to follow a practice of regularly backing up important files. “In general, regular backups of your most important data would be the best practice, as an OS re-installation should be the quickest way out of this trouble,” BleepingComputer writes.

Other lessons include the obvious one of staying away from adult sites, but, like much obvious advice, people are all too likely to overlook this counsel. New-school security awareness training might help by sensitizing users to the dangers of executables and, of course, to the risks inherent in downloading untrusted files from untrustworthy sites.

BleepingComputer has the story.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here’s how it works:

• 100% harmless simulation of real ransomware and cryptomining infections
• Does not use any of your own files
• Tests 23 types of infection scenarios
• Just download the installer and run it
• Results in a few minutes!

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/ransomware-simulator-tool-partner?partnerid=001a000001lWEoJAAW
